Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| AimBot.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSBuild.exe_93e0ad3bfaa0be6b7b72cf195b6666742ffea97e_c667c4d5_69e5e9bd-5fac-4670-b3de-37277565c757\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER9ADF.tmp.dmp | Mini DuMP crash report, 15 streams, Mon Oct 7 04:44:14 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BDA.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C0A.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\AimBot.exe | "C:\Users\user\Desktop\AimBot.exe" | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 1636 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| frizzettei.sbs | | |
| https://bleedminejw.buzz/api | 172.67.178.50 | |
| bemuzzeki.sbs | | |
| invinjurhey.sbs | | |
| exilepolsiy.sbs | | |
| exemplarou.sbs | | |
| laddyirekyi.sbs | | |
| https://frizzettei.sbs/api | 188.114.96.3 | |
| wickedneatr.sbs | | |
| isoplethui.sbs | | |
| bleedminejw.buzz | | |
| https://frizzettei.sbs/apiPs | unknown | |
| http://upx.sf.net | unknown | |
| https://frizzettei.sbs/ | unknown | |

4 further URLs are not shown in this extract.
Domains

| Name | IP | Malicious |
|---|---|---|
| frizzettei.sbs | 188.114.96.3 | |
| bleedminejw.buzz | 172.67.178.50 | |
| bg.microsoft.map.fastly.net | 199.232.214.172 | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 188.114.96.3 | frizzettei.sbs | European Union | |
| 172.67.178.50 | bleedminejw.buzz | United States | |
Registry

| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | ProgramId | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | FileId | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | LowerCaseLongPath | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | LongPathHash | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | Name | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | OriginalFileName | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | Publisher | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | Version | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | BinFileVersion | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | BinaryType | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | ProductName | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | ProductVersion | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | LinkDate | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | BinProductVersion | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | AppxPackageFullName | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | AppxPackageRelativeId | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | Size | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | Language | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | IsOsComponent | |
| \REGISTRY\A\{d20d29b7-847a-44bd-5273-50eb6ed703b3}\Root\InventoryApplicationFile\msbuild.exe\|94596b7cc5f070ff | Usn | |

10 further registry entries are not shown in this extract.
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 400000 | remote allocation | page execute and read and write | |
| 6DC000 | unknown | page read and write | |
| 6B1000 | unknown | page execute read | |
| 1468000 | heap | page read and write | |
| 1460000 | heap | page read and write | |
| 6D2000 | unknown | page readonly | |
| FD000 | stack | page read and write | |
| 7D0000 | heap | page read and write | |
| 113B000 | stack | page read and write | |
| 355E000 | stack | page read and write | |
| 6B0000 | unknown | page readonly | |
| 147C000 | heap | page read and write | |
| 6AF000 | stack | page read and write | |
| 1290000 | heap | page read and write | |
| 737000 | unknown | page readonly | |
| 6D2000 | unknown | page readonly | |
| 12C5000 | heap | page read and write | |
| 6DC000 | unknown | page write copy | |
| 737000 | unknown | page readonly | |
| 307D000 | stack | page read and write | |
| 460000 | heap | page read and write | |
| 1410000 | heap | page read and write | |
| 77E000 | stack | page read and write | |
| 58E000 | stack | page read and write | |
| 1450000 | heap | page read and write | |
| 14A1000 | heap | page read and write | |
| 1522000 | heap | page read and write | |
| 12C0000 | heap | page read and write | |
| 736000 | unknown | page read and write | |
| 151B000 | heap | page read and write | |
| 140E000 | stack | page read and write | |
| 735000 | unknown | page execute and read and write | |
| 36CE000 | stack | page read and write | |
| 1FD000 | stack | page read and write | |
| 5A0000 | heap | page read and write | |
| 165E000 | stack | page read and write | |
| 3710000 | heap | page read and write | |
| 2E3D000 | stack | page read and write | |
| 6B1000 | unknown | page execute read | |
| 540000 | heap | page read and write | |
| 810000 | heap | page read and write | |
| 1170000 | heap | page read and write | |
| 351E000 | stack | page read and write | |
| 148D000 | heap | page read and write | |
| 460000 | remote allocation | page execute and read and write | |
| 103B000 | stack | page read and write | |
| 81E000 | heap | page read and write | |
| 365E000 | stack | page read and write | |
| 6B0000 | unknown | page readonly | |
| 128E000 | stack | page read and write | |
| 81A000 | heap | page read and write | |
| 2F3D000 | stack | page read and write | |
| 341D000 | stack | page read and write | |
| 14A4000 | heap | page read and write | |
| 381F000 | stack | page read and write | |
| 2F7D000 | stack | page read and write | |
| A0F000 | stack | page read and write | |
| 13CE000 | stack | page read and write | |
| 1524000 | heap | page read and write | |

49 further memdumps are not shown in this extract.